About fogbugzd

from the rebuilding-the-internet dept

By J. Evan Noynaert, Assistant Professor of Computer Science, Missouri
Western State University

This was a short week at Techdirt thanks to the Labor Day holiday
in the United States. Even though it was a short week, we
may eventually see it as a pivotal week in the emerging NSA revelations.
We started seeing some push-back against the scope of the snooping when
we saw the author of the Patriot Act, Jim Sensenbrenner, and members of the Church Commission tell a court that the NSA had gone too far. Even
more surprising is that they did it in support of an ACLU lawsuit (and Sensenbrenner's brief was with the EFF); the NSA/FISA scandal is making strange bedfellows. The government continues to face push-back from other sources.
Some of these were symbolic, such as the Brazilian President's threat to cancel a US visit
over NSA spying. She also backed it up with a threat to cancel
four billion dollars worth of contracts with US companies. That
is just the sort of thing that tends to get real attention in Washington
these days.

And apparently the scandal is getting some attention in the Obama
administration as well as in the NSA itself. The NSA review board is now accepting comments on aspects of the scandal
that the rest of the NSA won't even acknowledge. The White House
CIO seemed to be refuting the claims that we shouldn't worry because
"just metadata was collected" He gave a great
explanation about how much can be revealed by "just metadata,"
especially if you collect vast quantities of it. Even President Obama got in on the act by wavering ever so slightly.
True, he is still in denial about many aspects of the situation, but
the acknowledgment that we may need some changes is at least a glimmer
of hope. So the administration as a whole seems to be entering
the schizophrenic phase of policy development. It is going to
be interesting in the coming weeks to see how they resolve the issue.
We can hope that they come down on the side of openness, but there is
still a great danger that they will manage to gag the dissenters and
go back to stonewalling.

I had a real dilemma when Mike asked me to write this week's favorites.
I didn't have a favorite post for my "Favorite Posts" post.
Then I awoke to my salvation. Mike published "Online Security isn't Over; It's Just Beginning."
It is the call to arms that we need. Mike quoted Micah Lee:

Giving
up and deciding that privacy is dead is counterproductive. We need to
stop using commercial crypto. We need to make sure that free software
crypto gets serious security and usability audits.

If we do this right we can still have privacy in the 21st century.
If we give up on security because of this we will definitely lose.

The NSA scandal should be a wake-up call to everyone involved in technology
(basically everyone). There are things we can do now. We
should probably start by assuming that every commercial cryptography
product has been compromised. Every commercial operating system
is suspect. The NSA seems to have gotten backdoors
introduced into just about every major commercial security product including
many that are not US based companies. We have to assume
that if NSA can get in, then so can others. Apparently one of
the NSA's surprises when they bugged the UN was that the Chinese were
already there. Perhaps the most troubling thing about the
NSA's methods is that they preferred to have backdoors installed in
the software. An NSA backdoor makes life simple for the NSA.
But backdoors almost always compromise the security of the software
overall. Backdoors can often be opened by others; they are
one more lock that can be picked by an intruder. Backdoors
also tend to be patches on existing security systems. Given
the fine-tuning that goes on in the design of security systems, tacking
on a backdoor often involves some sloppy methods that give attackers
additional soft spots that can be exploited.

If people start turning their backs on commercial security solutions
they will probably have to embrace some of the excellent open source
security solutions. It is much harder if not impossible to build
backdoors into software that the open source community obsesses over
as it goes line-by-line through the code. But that's not to say
that open source is fully safe. I will admit to being one of the
conspiracy nuts who has been concerned that the NSA has influenced the
development of some protocols and has managed to sneak in some subtle
tells and weaknesses. The open source community needs to revisit
all of its software systems and look for hidden weaknesses and vulnerabilities.
Techdirt has been calling for rebuilding the Internet since at least 2003. This brings me to my penultimate favorite article
of the week, "The US Government Has Betrayed the Internet; It's
Time to Fix That Now." The title aptly sums up
our current situation. The US Government has betrayed the Internet
as well as the Constitution, the Bill of Rights, American Citizens,
and our allies. The easiest to repair of all those betrayals
is the Internet. As technology leaders we can start that process
now. Ironically, the NSA has served up the perfect opportunity
to make it very difficult to spy on the Internet.

So it will be interesting to see what will come in the week ahead.
One thing that surprised me as I looked back through the week's
posts, we hadn't heard from Team Prenda, and it felt like we really needed that kind of comic relief. Thankfully, just as I was finishing this post, Team Prenda delivered.

from the favorites-favorites-and-more-favorites dept

This was a great week to be posting my favorites because it started off with Nina Paley's When Copyright And Contracts Can Get In The Way Of Art.
That was a wonderful piece on several levels. First, of course, is the marvelous art work. It is under a free license, so I expect to see at least bits and pieces of the art work showing up in a variety of media. The discussion of her relationship with the museum was also interesting. It was a perfect illustration of the principle that "managers like to manage." In many cases, like this one, they tend to over manage. Someone decided that proper management required a contract. The contract they produced was silly because it included an absurd non-compete clause and completely ignored the first use rights that should have been important to the museum. One of the commenters followed up with a criticism that the problems were caused by lack of a contract, but what the situation really showed was that a signed contract is meaningless if it is poorly drawn up.

Krishna the Cowherd Prince

Then later in the week we were treated to more of Nina's work when Mike wrote about her Kickstarter Project. I was amused when Mike said that he wanted several copies to hand out. That sounds a lot like handing out religious tracts, and, I guess for some of us, bringing some sanity to the IP system does amount to a religious mission.

One thing has changed since I started reading Techdirt years ago. It seemed like most articles back then were about what is wrong with the IP system. At every turn, it seemed like the IP holders were expanding their rights at the expense of the public interest. Things are different now as we see more and more common sense being introduced into IP issues and various judges and even legislatures realizing that the public interest is not always best served by extending trademark, copyright, and patent protection at every opportunity. Yes, we still have bad things like the PROTECT IP Act proposal hanging over our heads, but there is a lot of good news.

Finally, one issue that Mike raised this week was in the article about Google's internal collision course of Chrome versus Android. I agree that there does not seem to be much coordination going on between Android and Chrome at the moment, and that it is a huge burden for any company to maintain two different operating systems. However, this is Google, and Google has proven to be extremely flexible in the past. They have a corporate culture of trying lots of different things and learning from their failures as well as their successes. I would not describe Chrome and Android as being on a collision course. I think it would be more accurate to say that they are on parallel courses. For example, Google TV didn't work out well under Chrome, so they are going to try Android on the next iteration. I'm not sure that the real problems of Google TV have much to do with the operating system, but the situation does illustrate potential advantages of having two different operating systems in place. Eventually the two will probably merge, or, if the Chrome laptops are not successful, perhaps Chrome will just Wave and fade away. I think that even if the Chrome OS is a failure, it isn't an indictment of Google but rather an example of how Google is willing to take chances, accept some failures, and move on.

The backers of the trade agreements should learn from their failures in this round. Allowing governments and third party "stakeholders" to be involved in the negotiations causes far too many problems. In the future the major corporations should work out the details among themselves. Then have fast track approval put the agreements into effect. Governments and citizens can see the contents after the agreements are ratified and become law. This would cut out the arguing and angst and give about the same results as the current system.

I used to work in city government. We had a history of being hit by tornadoes, and we took disaster planning and disaster drills very seriously. Most of the disaster drills involved tornadoes. We got hit with a couple of real disasters that were not tornadoes when I was there. It turns out that the tornado drills had provided us with experience in any type of disaster, even if it wasn't remotely related to what we had trained for.

The lesson I learned was that it was important to train for disasters, and it didn't really matter what type of disaster you were planning for. Many skills, especially communications, will come into play in any disaster. We developed contacts with other agencies, we collected maps and information resources. My first year there we discovered we had a shortage of barricades for blocking streets. A few years later we discovered that even though we had bought barricades, they had been loaned to another city after that city had a disaster and we had not gotten the barricades back.

I think training or planning for zombies or space aliens or anything else is perfectly fine. In any type of disaster there are going to be similar issues you have to think about -- communications, evacuations, traffic and crowd control, emergency housing, distributing food and water, and medical community support. The important thing is to plan and train for disasters. The Zombie Apocalypse may sound frivolous, but it forces the participants to think and exercise their response skills. If it is a bit bizarre it is also going to force the participants to think a bit outside the box.

Lots of people rely heavily on Amazon reviews. The comments are a great asset for Amazon. Sometimes I even check the Amazon reviews before buying in a brick and mortar. Last week I was doing that and ended up just buying the item from Amazon because they had a brand that I liked better than anything I was finding locally.

Amazon really can't afford to have companies like this damage the reputation of its review system. It will be interesting to see if they take any action on this particular situation.

The feds are probably just practicing. Once they get the kinks out of the system, get the banks used the closing accounts on request, and get precedents set to "protect the children" then they can go after the real targets. Suspected copyright infringers are probably next. Then they can move on to political dissent.

It is easy to see why the movie and recording industries are in love with the windowing model.*It used to work so well and was extremely profitable.*The careers of many industry executives was built around clever manipulation of the windowing model.

Those are very powerful reasons for keeping something around. Of course, there are some downsides:*Windowing does not make nearly as much sense give a global internet*It is no longer as profitable as it used to be. In fact, it is probably reducing profits.*It encourages piracy.*Its existence may threaten the survival of the industry in its current form.

For inbred corporate insiders, none of those reasons are good enough to change a way of doing business that you know and love.

>>Hopefully it will land on a judge who understands the implications of letting Garcia have her way.

Given the current state of affairs, I have slim hope of any currently sitting judge understanding copyright or the implications of bad copyright rulings. However, there is a very good chance the judge will be an ex-MPAA attorney, and I'm sure the MPAA wants this ruling to go away as quickly as possible.

>>One of the things that you will see, if you study the history of innovation, is that this is exactly how it always happens. The early projects may have some minor successes here and there, but are littered with failures. But the amazing thing about a rapidly changing world where people are doing things in a decentralized and open way is that each of those failures only contributes to the knowledge for future projects, in which more and more people are testing more and more things, getting closer to hitting that point in the "innovator's dilemma" curve, where the new systems actually serve people's needs much better than the old way.

This is exactly why software patents are such a terrible idea. The whole process breaks down if the first person patents the idea. The chances of real progress are greatly diminished if the first person gets a patent. With the patent office and East District of Texas finding that it is OK to patent general ideas the situation is even worse because someone will be likely to patent the original idea in some vague form and never even bother to produce the essential first failure. Yes, it is probably unfair that later innovators eventually reap most of the profits from early essential failures, but that is the price of progress. And in fairness, even those early failures were almost certainly produced on the backs of other, more distant failures.

I singled out software patents as being especially bad, but that is mainly because the pace of software innovation can be so rapid in the absence of software patents. "Design patents" are another case where the patent system blocks innovation, or as the constitution says, promoting progress in the arts and sciences. In practice, most patents are bad because they stifle progress which is the opposite of the purpose stated in the US Constitution.

The concept of the "Year of the Linux Desktop" is something of a running joke in the open source community. It is to the point where no one in the Linux community will dare declare next year as the Year of the Linux Desktop.

But honestly, the time has finally arrived when we really need a year of the Linux desktop. The technologically challenged should probably be running Linux Mint with a Cinnamon desktop instead of Windows. Linux in any GUI form would keep our grandparents out of many of their computer troubles. The more technologically proficient can find a version of Linux that will meet their needs and preferences.

>>any time you see someone insisting that "the answer" to dealing with widespread infringement is "more education," you know that you're dealing with someone who is either ignorant, or not particularly serious concerning the issue.

The third alternative: Someone has figured out a way to make a healthy salary from pandering to the IP industry and their fears of the copyright boogeyman.

In retrospect, I should have gone into the snakeoil business years ago.

I have noticed a disturbing trend that some parts of the government trying to criminalize poverty. Meanwhile other parts of government are promoting policies that increase number of people forced to live in poverty.